Re: EUM - Browser violation error

Khalid_Rehan2 · ‎09-11-2024

Dears,

I'm getting an error after loading the adrum.js:

Refused to frame https://cdn.appdynamics.com/ because it violates the following Content Security Policy directive: frame-src 'self' www.google.comwww.google.com

The EUM is reachable.EUM-processor: version-'24.4.0.0', commit-cd:XXXXXXXXXXXXXXb, build-release/24.4.0.next #24.4.0-35342, timestamp=2024-05-02 01:18:33

The backend is Microsoft SharePoint. CSP has added both the CDN and EUM servers.

Regards,
Khalid

iamryan · ‎12-12-2024

Hi @Khalid.Rehan,

Thank you for updating the thread and letting us know.

Khalid_Rehan2 · ‎12-12-2024

Hello @Ryan.Paredez

It seems that the solution I posted does not apply to most cases.

I faced the same issue twice and the solution was to allow some policies on F5 loadbalancer related to CORS error.

It worked on one case, but I now have about 3 cases one of them F5 could not resolve it until now 😄

I will update the post once I resolve it.

Regards,

Khalid

iamryan · ‎11-19-2024

Hi @Khalid.Rehan,

Thank you for sharing the solution!

Khalid_Rehan2 · ‎11-19-2024

Hi @Ryan.Paredez ,

We were able to fix the problem by disabling the config.xd in the EUM snippet 😄

config.xd = {enable : false};

Example:

<script charset='UTF-8'>
window['adrum-start-time'] = new Date().getTime();
(function(config){
    config.appKey = 'EUM-XYZ-ABC';
    config.adrumExtUrlHttp = 'https://cdn.appdynamics.com';
    config.adrumExtUrlHttps = 'https://cdn.appdynamics.com';
    config.beaconUrlHttp = 'https://eum.myappd.com';
    config.beaconUrlHttps = 'https://eum.myappd.com';
    config.xd = {enable : false};
})(window['adrum-config'] || (window['adrum-config'] = {}));
</script>
<script src='https://cdn.appdynamics.com/adrum/adrum-latest.js'></script>

Regards,

Khalid

iamryan · ‎10-22-2024

Hi @Khalid.Rehan,

If I find any new info, I'll share it here. If you find any new information or a solution, please share it here.

iamryan · ‎09-12-2024

Hi @Khalid.Rehan,

I found this AppDynamics Docs page that I think would be helpful. Please have a read and let me know if it helped.

https://docs.appdynamics.com/appd/22.x/latest/en/end-user-monitoring/browser-monitoring/browser-real...

Khalid_Rehan2 · ‎10-20-2024

Hi Ryan,

unfortunately, it did not work applying what is recommended in the doc you shared:

C:\inetpub\wwwroot\wss\VirtualDirectories\{your-site}
Add the CSP Header to the <httpProtocol> section of the Web.config file.

<system.webServer>
   <httpProtocol>
      <customHeaders>
         <add name="Content-Security-Policy" value="script-src 'unsafe-inline' cdn.appdynamics.com; connect-src peum.kaska.com; img-src cdn.appdynamics.com; child-src cdn.appdynamics.com;" />
      </customHeaders>
   </httpProtocol>
</system.webServer>

The application crashed and we had to rollback.

Notes: the agent is loaded successfully.

Any other suggestions? Where else to look?

EUM - Browser violation error

Real User Monitoring

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future

Join the Conversation

EUM - Browser violation error

Real User Monitoring

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future